From d857702d70a80c3168ae164c7261701703b77c20 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 16:24:53 +0530
Subject: [PATCH 01/12] security: disable allowBackup and add explicit exported
 flags

- Set android:allowBackup="false" to prevent sensitive user data
  (Firebase auth tokens, survey responses, GPS data) from being
  extracted via adb backup or cloud backup on compromised devices.

- Add android:fullBackupContent and android:dataExtractionRules
  attributes pointing to new XML resource files (added in follow-up
  commits) to give fine-grained control over what gets backed up
  on Android 12+ (API 31+) and older versions respectively.

- Add android:exported="false" to SettingsActivity which previously
  had no explicit exported attribute, defaulting to exported=true
  on devices running Android < 12 when targetSdk < 31, allowing
  any app on the device to start the Settings screen.
---
 app/src/main/AndroidManifest.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index da7a80e4c8..a5cb6941ee 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -36,7 +36,7 @@
 
   <application
     android:name="org.groundplatform.android.GroundApplication"
-    android:allowBackup="true"
+    android:allowBackup="false"     android:fullBackupContent="@xml/backup_rules"     android:dataExtractionRules="@xml/data_extraction_rules"
     android:icon="@mipmap/ic_launcher"
     android:label="@string/app_name"
     android:roundIcon="@mipmap/ic_launcher_round"

From 83cb243d04a0506d258f0ba4c121ad12f6b2198a Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 16:25:56 +0530
Subject: [PATCH 02/12] security: add backup_rules.xml to exclude sensitive
 data from backup

Adds fullBackupContent rules (Android 11 and below) to exclude
sharedpref, database, file, and external storage from adb and
cloud backup. This prevents extraction of Firebase auth tokens,
survey responses, and GPS coordinates from compromised devices.
---
 app/src/main/res/xml/backup_rules.xml | 42 +++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 app/src/main/res/xml/backup_rules.xml

diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml
new file mode 100644
index 0000000000..9b87cb01a4
--- /dev/null
+++ b/app/src/main/res/xml/backup_rules.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright 2024 Google LLC
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     https://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!--
+  Backup rules for Android 11 (API 30) and below.
+  Used by android:fullBackupContent in AndroidManifest.xml.
+
+  Excludes all sensitive app data from cloud/adb backup to prevent
+  unauthorized extraction of Firebase auth tokens, survey data,
+  and GPS coordinates from compromised or untrusted devices.
+
+  See: https://developer.android.com/guide/topics/data/autobackup
+-->
+<full-backup-content>
+
+  <!-- Exclude all shared preferences (contains auth state and user prefs) -->
+  <exclude domain="sharedpref" path="." />
+
+  <!-- Exclude local database (contains survey data and GPS coordinates) -->
+  <exclude domain="database" path="." />
+
+  <!-- Exclude internal files (may contain cached tokens or offline data) -->
+  <exclude domain="file" path="." />
+
+  <!-- Exclude external storage files -->
+  <exclude domain="external" path="." />
+
+</full-backup-content>

From b15a2d94f0cf6874a9e39fc0684fb815d4acec2c Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 16:26:42 +0530
Subject: [PATCH 03/12] security: add data_extraction_rules.xml for Android 12+
 backup protection

Adds dataExtractionRules (Android 12+/API 31+) to exclude all
app data domains from both cloud backup and device-to-device
transfer. Prevents extraction of Firebase auth tokens, survey
data, and GPS coordinates on modern Android devices.

Completes the backup security hardening started in the previous
commit alongside backup_rules.xml (Android 11 and below).
---
 .../main/res/xml/data_extraction_rules.xml    | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 app/src/main/res/xml/data_extraction_rules.xml

diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml
new file mode 100644
index 0000000000..bff0aeb9f3
--- /dev/null
+++ b/app/src/main/res/xml/data_extraction_rules.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright 2024 Google LLC
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     https://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!--
+  Data extraction rules for Android 12 (API 31) and above.
+  Used by android:dataExtractionRules in AndroidManifest.xml.
+
+  Prevents sensitive app data (Firebase tokens, survey responses,
+  GPS coordinates) from being extracted via cloud backup or
+  device-to-device transfer on Android 12+ devices.
+
+  See: https://developer.android.com/about/versions/12/backup-restore
+-->
+<data-extraction-rules>
+
+  <cloud-backup>
+    <!-- Disable cloud backup entirely for this app -->
+    <exclude domain="root" path="." />
+    <exclude domain="sharedpref" path="." />
+    <exclude domain="database" path="." />
+    <exclude domain="file" path="." />
+    <exclude domain="external" path="." />
+  </cloud-backup>
+
+  <device-transfer>
+    <!-- Disable device-to-device transfer of sensitive data -->
+    <exclude domain="root" path="." />
+    <exclude domain="sharedpref" path="." />
+    <exclude domain="database" path="." />
+    <exclude domain="file" path="." />
+    <exclude domain="external" path="." />
+  </device-transfer>
+
+</data-extraction-rules>

From f7a3ace295c30708f49b442a311081f462a2c69c Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 18:56:45 +0530
Subject: [PATCH 04/12] fix: add blank line after XML declaration to pass
 Checkstyle RegexpHeader

---
 app/src/main/res/xml/backup_rules.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml
index 9b87cb01a4..bcf789f4b6 100644
--- a/app/src/main/res/xml/backup_rules.xml
+++ b/app/src/main/res/xml/backup_rules.xml
@@ -1,4 +1,5 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"\?>
+
 <!--
   ~ Copyright 2024 Google LLC
   ~

From 03ff5c59cb6ffaf680ee2d3f0d5c6fb9e89d2225 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 18:57:46 +0530
Subject: [PATCH 05/12] fix: add blank line after XML declaration to pass
 Checkstyle RegexpHeader

---
 app/src/main/res/xml/data_extraction_rules.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml
index bff0aeb9f3..4b8d0c4289 100644
--- a/app/src/main/res/xml/data_extraction_rules.xml
+++ b/app/src/main/res/xml/data_extraction_rules.xml
@@ -1,4 +1,5 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"\?>
+
 <!--
   ~ Copyright 2024 Google LLC
   ~

From 66a62d27f0db2e00df30526f195a8cf9e4e161f9 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 19:52:44 +0530
Subject: [PATCH 06/12] fix: rewrite backup_rules.xml with correct XML
 declaration and blank line

---
 app/src/main/res/xml/backup_rules.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml
index bcf789f4b6..70f54ff564 100644
--- a/app/src/main/res/xml/backup_rules.xml
+++ b/app/src/main/res/xml/backup_rules.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"\?>
+<?xml version="1.0" encoding="utf-8"?>
 
 <!--
   ~ Copyright 2024 Google LLC

From 7cc1d91bc23ce87d35d726f498e7313c5011b342 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 19:54:57 +0530
Subject: [PATCH 07/12] fix: restore clean data_extraction_rules.xml to fix XML
 parse error in CI

---
 app/src/main/res/xml/data_extraction_rules.xml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml
index 4b8d0c4289..37389923d7 100644
--- a/app/src/main/res/xml/data_extraction_rules.xml
+++ b/app/src/main/res/xml/data_extraction_rules.xml
@@ -1,5 +1,4 @@
-<?xml version="1.0" encoding="utf-8"\?>
-
+<?xml version="1.0" encoding="utf-8"?>
 <!--
   ~ Copyright 2024 Google LLC
   ~
@@ -17,14 +16,14 @@
   -->
 
 <!--
-  Data extraction rules for Android 12 (API 31) and above.
-  Used by android:dataExtractionRules in AndroidManifest.xml.
+    Data extraction rules for Android 12 (API 31) and above.
+    Used by android:dataExtractionRules in AndroidManifest.xml.
 
-  Prevents sensitive app data (Firebase tokens, survey responses,
-  GPS coordinates) from being extracted via cloud backup or
-  device-to-device transfer on Android 12+ devices.
+    Prevents sensitive app data (Firebase tokens, survey responses,
+    GPS coordinates) from being extracted via cloud backup or
+    device-to-device transfer on Android 12+ devices.
 
-  See: https://developer.android.com/about/versions/12/backup-restore
+    See: https://developer.android.com/about/versions/12/backup-restore
 -->
 <data-extraction-rules>
 

From 26e9e1963c10b883b745ae2811f69d4097ef18a3 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 20:35:33 +0530
Subject: [PATCH 08/12] Apply suggestion from @andreia-ferreira

Co-authored-by: Andreia Ferreira <51242456+andreia-ferreira@users.noreply.github.com>
---
 app/src/main/res/xml/backup_rules.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml
index 70f54ff564..5afb70c489 100644
--- a/app/src/main/res/xml/backup_rules.xml
+++ b/app/src/main/res/xml/backup_rules.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 
 <!--
-  ~ Copyright 2024 Google LLC
+  ~ Copyright 2026 Google LLC
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.

From 09e14fa66d19a806be0c8bb52b479d121b66ab80 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 20:37:46 +0530
Subject: [PATCH 09/12] style: put each AndroidManifest.xml attribute on its
 own line per reviewer feedback

Formatted the application tag attributes for better readability.
---
 app/src/main/AndroidManifest.xml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index a5cb6941ee..7e0dffb1c6 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -36,7 +36,9 @@
 
   <application
     android:name="org.groundplatform.android.GroundApplication"
-    android:allowBackup="false"     android:fullBackupContent="@xml/backup_rules"     android:dataExtractionRules="@xml/data_extraction_rules"
+            android:allowBackup="false"
+        android:fullBackupContent="@xml/backup_rules"
+        android:dataExtractionRules="@xml/data_extraction_rules"
     android:icon="@mipmap/ic_launcher"
     android:label="@string/app_name"
     android:roundIcon="@mipmap/ic_launcher_round"

From 9040fb065d987ad06a3fe9b02af2b33c459b6815 Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Wed, 22 Apr 2026 21:29:43 +0530
Subject: [PATCH 10/12] fix: add missing blank line 2 in
 data_extraction_rules.xml to pass Checkstyle RegexpHeader

Updated copyright year from 2024 to 2026.
---
 app/src/main/res/xml/data_extraction_rules.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml
index 37389923d7..2e66e57a45 100644
--- a/app/src/main/res/xml/data_extraction_rules.xml
+++ b/app/src/main/res/xml/data_extraction_rules.xml
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
+
 <!--
-  ~ Copyright 2024 Google LLC
+  ~ Copyright 2026 Google LLC
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.

From faf7209213d7fc2410bfea908512299793ceffbe Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Thu, 23 Apr 2026 15:54:18 +0530
Subject: [PATCH 11/12] style: align
 allowBackup/fullBackupContent/dataExtractionRules indentation with other
 application attributes

---
 app/src/main/AndroidManifest.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index 7e0dffb1c6..4bdae97741 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -36,9 +36,9 @@
 
   <application
     android:name="org.groundplatform.android.GroundApplication"
-            android:allowBackup="false"
-        android:fullBackupContent="@xml/backup_rules"
-        android:dataExtractionRules="@xml/data_extraction_rules"
+                android:allowBackup="false"
+    android:fullBackupContent="@xml/backup_rules"
+    android:dataExtractionRules="@xml/data_extraction_rules"
     android:icon="@mipmap/ic_launcher"
     android:label="@string/app_name"
     android:roundIcon="@mipmap/ic_launcher_round"

From 784354aa56374e9a72b08579d08cea6de4bf29cf Mon Sep 17 00:00:00 2001
From: Kotha Dhakshin <179742818+Dhakshin2007@users.noreply.github.com>
Date: Thu, 23 Apr 2026 15:56:04 +0530
Subject: [PATCH 12/12] style: fix indentation of allowBackup attributes to
 match other application attributes

---
 app/src/main/AndroidManifest.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index 4bdae97741..d62d8c5ad6 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -36,7 +36,7 @@
 
   <application
     android:name="org.groundplatform.android.GroundApplication"
-                android:allowBackup="false"
+    android:allowBackup="false"
     android:fullBackupContent="@xml/backup_rules"
     android:dataExtractionRules="@xml/data_extraction_rules"
     android:icon="@mipmap/ic_launcher"